Security Advisories - drupal/drupal

drupal/drupal Security Advisories for 9.0.0-beta2 (13)

Drupal core - Moderately critical - Third-party libraries - SA-CORE-2021-005

PKSA-228s-b71d-gqtr

Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.9.0|>=8.9.0,<8.9.16|>=9.0.0,<9.1.0|>=9.1.0,<9.1.12|>=9.2.0,<9.2.4

Reported by:
FriendsOfPHP/security-advisories
[MEDIUM] Drupal core - Critical - Cross-site scripting - SA-CORE-2021-003

PKSA-jxhg-kvfm-s7yj CVE-2021-33829 GHSA-rgx6-rjj4-c388

Affected version: >=7.0.0,<7.80|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.9.0|>=8.9.0,<8.9.16|>=9.0.0,<9.0.14|>=9.1.0,<9.1.9

Reported by:
FriendsOfPHP/security-advisories, GitHub
Drupal core - Critical - Cross-site scripting - SA-CORE-2021-002

PKSA-tyxj-vy9p-637h CVE-2020-13672

Affected version: >=7.0.0,<7.80|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.9.0|>=8.9.0,<8.9.14|>=9.0.0,<9.0.12|>=9.1.0,<9.1.7

Reported by:
FriendsOfPHP/security-advisories
Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2020-013

PKSA-dyq4-qbdd-22t9

Affected version: >=7.0.0,<7.74|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.8.11|>=8.9.0,<8.9.9|>=9.0.0,<9.0.8

Reported by:
FriendsOfPHP/security-advisories
[HIGH] Drupal core - Critical - Remote code execution - SA-CORE-2020-012

PKSA-3srb-7yzb-k3z9 CVE-2020-13671 GHSA-68jc-v27h-vhmw

Affected version: >=7.0.0,<7.74|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.8.11|>=8.9.0,<8.9.9|>=9.0.0,<9.0.8

Reported by:
FriendsOfPHP/security-advisories, GitHub
[HIGH] Drupal core - Moderately critical - Information disclosure - SA-CORE-2020-011

PKSA-pj26-qzbs-qsdf CVE-2020-13670 GHSA-mmjr-5q74-p3m4

Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.8.10|>=8.9.0,<8.9.6|>=9.0.0,<9.0.6

Reported by:
FriendsOfPHP/security-advisories, GitHub
Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2020-010

PKSA-cw52-vxdv-rgs8 CVE-2020-13669

Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.8.10|>=8.9.0,<8.9.6|>=9.0.0,<9.0.6

Reported by:
FriendsOfPHP/security-advisories
[MEDIUM] Drupal core - Critical - Cross-site scripting - SA-CORE-2020-009

PKSA-7wth-f9fy-pscz CVE-2020-13668 GHSA-m6q5-wv4x-fv6h

Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.8.10|>=8.9.0,<8.9.6|>=9.0.0,<9.0.6

Reported by:
FriendsOfPHP/security-advisories, GitHub
Drupal core - Moderately critical - Access bypass - SA-CORE-2020-008

PKSA-p8nh-vdkj-qj6y CVE-2020-13667

Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.8.10|>=8.9.0,<8.9.6|>=9.0.0,<9.0.6

Reported by:
FriendsOfPHP/security-advisories
Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2020-007

PKSA-t5jy-w6qp-61j7 CVE-2020-13666

Affected version: >=7.0.0,<7.73|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.8.10|>=8.9.0,<8.9.6|>=9.0.0,<9.0.6

Reported by:
FriendsOfPHP/security-advisories
[HIGH] Drupal core - Critical - Cross Site Request Forgery - SA-CORE-2020-004

PKSA-n9tv-m1y4-br95 CVE-2020-13663 GHSA-m648-hpf8-qcjw

Affected version: >=7.0.0,<7.72|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.8.8|>=8.9.0,<8.9.1|>=9.0.0,<9.0.1

Reported by:
FriendsOfPHP/security-advisories, GitHub
Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2020-005

PKSA-jtb2-54dk-mhsx CVE-2020-13664

Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.8.8|>=8.9.0,<8.9.1|>=9.0.0,<9.0.1

Reported by:
FriendsOfPHP/security-advisories
Drupal core - Less critical - Access bypass - SA-CORE-2020-006

PKSA-sjd7-frvy-mdhc CVE-2020-13665

Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.8.8|>=8.9.0,<8.9.1|>=9.0.0,<9.0.1

Reported by:
FriendsOfPHP/security-advisories

drupal/drupal Security Advisories for 9.0.0-beta2 (13)

[MEDIUM] Drupal core - Critical - Cross-site scripting - SA-CORE-2021-003

[HIGH] Drupal core - Critical - Remote code execution - SA-CORE-2020-012

[HIGH] Drupal core - Moderately critical - Information disclosure - SA-CORE-2020-011

[MEDIUM] Drupal core - Critical - Cross-site scripting - SA-CORE-2020-009

[HIGH] Drupal core - Critical - Cross Site Request Forgery - SA-CORE-2020-004